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In the claims 

1. (currently amended) A method comprising: 

determining a set of accessor-accessible pairs, each accessor of each accessor-accessible 
pair having a predetermined level of access to the accessible of the accessor-accessible pair within 
a system topology; and, 

determining a mathematically canonical set of zones based on the set of accessor- 
accessible pairs, each zone having one or more accessors and one or more accessibles, the 
mathematically canonical set of zones used to manage access control of accessors and accessibles 
within the system topology^ 

wherein determining the mathematically canonical set of zones based on the set of 

accessor-accessible pairs comprises: 

for each unique accessible within the set of accessor-accessible pairs, sorting and 

merging accessors of the set of accessor-accessible pairs paired with the unique accessible as a 
first proto-zone. yielding a set of first proto-zones. each first proto-zone having one or more 
accessors and an accessible: 

for each unique one or more accessors within the set of first proto-zones> sorting 

and merging accessibles of the set of first proto-zones associated with the unique one or more 
accessors as a second proto-zone> yielding a set of second proto-zones. each second proto-zone 
having one or more accessors and one or more accessibles: and. 

sorting the set of second proto-zones to yield the mathematically canonical set of 

zones . 

2. (cancelled) 
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3. (original) The method of claim 1, wherein determining the set of accessor-accessible pairs 
comprises determining each accessor-accessible pair, the accessor of each accessor-accessible pair 
having the predetermined level of access to the accessible of the accessor-accessible pair within 
the system topology according to each of one or more access control methods. 

4. (original) The method of claim 1, further comprising restoring access control of the 
accessors and accessibles within the system topology from a current configuration of the 
mathematically canonical set of zones to a target configuration of a second mathematically 
canonical set of zones. 

5. (original) The method of claim 4, wherein restoring the access control from the current 
configuration to the target configuration comprises: 

comparing the current configuration to the target configuration to yield a target-only 
canonical set of zones within only the target configuration, and a current-only canonical set of 
zones within only the current configuration; 

removing zones common to both the target-only canonical set of zones and current-only 
canonical set of zones from both target-only and the current-only sets; 

generating a create set of accessor-accessible pairs from the target-only canonical set of 

zones; 

generating a remove set of accessor-accessible pairs from the current-only canonical set of 

zones; 

removing any accessor-accessible pairs within both the create set and the remove set of 
accessor-accessible pairs from each of the create set and the remove set of accessor-accessible 
pairs; 
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for each accessor-accessible pair within the create set of accessor-accessible pairs, 
restoring the predetennined level of access of the accessor of the accessor-accessible pair to the 
accessible of the accessor-accessible pair within the system topologjr, and, 

for each accessor-accessible pair within the remove set of accessor-accessible pairs, 
removing the predetermined level of access of the ac<:essor of the accessor-accessible pair to the 
accessible of the accessor-accessible pair within the system topology. 

6. (original) The method of claim S, further comprising, after comparing the current 
conjfiguration to the target configuration, ending the method upon determining that both the 
current-only set and the target-only canonical set of zones are empty. 

7. (original) The method of claim 5, further comprising, after removing any accessor- 
accessible pairs v^thin both the create set and the remove set of accessor-accessible pairs, ending 
the method upon determining that the at least one of the create set and the remove set of 
accessor-accessible pairs includes a pair having at least one of an accessor and an accessible 
absent in the system topology, 

8. (original) The method of claim 5, further comprising, after removing any accessor- 
accessible pairs within both the create set and the remove set of accessor-accessible pairs, ending 
the method upon determining that both the create set and the remove set of accessor-accessible 
pairs are empty. 

9. (original) The method of claim 5, further comprising, after removing any accessor- 
accessible pair v^thin both the create set and the remove set of accessor-accessible pairs, ending 
the method upon determining that at least one of any accessor-accessible pair within the create set 
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of accessor-accessible pairs and any accessor-accessible pair within the remove set of accessor- 
accessible pairs cannot be realized within the system topology. 

10. (original) The method of claim 4, wherein determining that any accessor-accessible pairs 
within the create set of accessor-accessible pairs cannot be realized within the system topology 
comprises at least one of: 

determining that any accessor-accessible pairs within the create set of accessor-accessible 
pairs cannot be realized according to each of one or more access control methods within the 
system topology, where for the system topology, creation of access requires the access to be 
realizable by all the access control methods); 

determining that any accessor-accessible pairs within the create set of accessor-accessible 
pairs cannot be realized according to all of the one or more access control methods within the 
system topology, where for the system topology, creation of access requires the access to be 
realizable by any of the access control methods; 

determining that any accessor-accessible pairs within the create set of accessor-accessible 
pairs cannot be realized according to any constraints applicable to the system topology; 

determining that any accessor-accessible pairs within the create set of accessor-accessible 
pairs cannot be realized according to each of the one or more access control methods within the 
system topology, where for the system topology, creation of access requires the access to be 
realizable by all access control methods, without undesirably affecting the access level of any 
other accessor-accessible pair for the access control method; and, 

determining that any accessor-accessible pairs cannot be realized according to all of the 
one or more access control methods within the system topology, where for the system topology, 
creation of access requires the access to be realizable by any of the access control methods, 
without undesirably affecting the access level of any other accessor-accessible pair for the access 
control method. 
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1 ] . (original) The method of claim 4, wherein determining that any accessor-accessible pairs 
within the remove set of accessor-accessible pairs cannot be realized within the system topology 
comprises at least one of: 

determining that any accessor-accessible pairs within the remove set of accessor-accessible 
pairs cannot be realized according to each of one or more access control methods within the 
system topology, where for the system topology, removal of access requires the access to be 
realizable by aU the access control methods); 

determining that any accessor-accessible pairs within the remove set of accessor-accessible 
pairs cannot be realized according to all of the one or more access control methods within the 
system topology, where for the system topology, removal of access requires the access to be 
realizable by any of the access control methods; 

determining that any accessor-accessible pairs whhin the remove set of accessor-accessible 
pairs cannot be realized according to any constraints applicable to the system topology; 

determining that any accessor-accessible pairs within the remove set of accessor-accessible 
pairs cannot be realized according to each of the one or more access control methods v^thin the 
system topology, where for the system topology, removal of access requires the access to be 
realizable by all access control methods, without imdesirably affecting the access level of any 
other accessor-accessible pair for the access control method; and, 

determining that any accessor-accessible pairs cannot be realized according to all of the 
one or more access control methods within the system topology, where for the system topology, 
removal of access requires the access to be realizable by any of the access control methods, 
without undesirably affecting the access level of any other accessor-accessible pair for the access 
control method. 
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12. (original) The method of claim 1, further comprising comparing a first configuration of 
the mathematically canonical set of zones to a second configuration of a second mathematically 
canonical set of zones. 

13. (original) The method of claim 12, wherein comparing the first configuration to the 
second configuration comprises: 

comparing the first configuration to the second configuration to yield at least a second- 
only canonical set of zones within only the second configuration, and a first-only canonical set of 
zones within only the first configuration; 

removing the canonical set of zones common to both the second-only canonical set of 
zones and first-only canonical set of zones firom both the first-only and the second-only sets; 

upon determining that both the first-only set and the second-only canonical set of zones 
are empty, concluding that the first configuration is identical to the second configuration; 

otherwise, 

generating a second-only set of accessor-accessible pairs fi-om the second-only 
canonical set of zones; 

generating a first-only set of accessor-accessible pairs firom the first-only canonical 

set of zones; 

removing any accessor-accessible pairs within both the first-only set and the 
second-only set of accessor-accessible pairs fi"om each of the first-only set and the second-only set 
of accessor-accessible pairs; 

upon determining that both the first-only set and the second-only set of accessor- 
accessible pairs are empty, concluding that the first configuration is identical to the second 
configuration; and, 

otherwise, concluding that the first configuration and the second configuration are 
different, as indicated by the first-only set and the second-only set of accessor-accessible pairs. 
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14, (currently amended) A system comprising: 

a plurality of accessibles within a topology accessible via at least one access control 
method; 

a plurality of accessors within the topology, each accessor having a predetermined level of 
access to each of one or more of the plurality of accessibles via one or more of the at least one 
access control method; and, 

a computer-readable medium storing data representing a mathematically canonical 
representation of access of the plurality of accessors to the plurality of accessibles, the 
representation including at least one a set of zones, each zone specifying one or more of the 
plurality of accessors having access to one or more of the plurality of accessible s to define a set of 
accessor-accessible pairs> 

wherein the set of zones is determined based on the set of accessor-accessible pairs, by: 

for each unique accessible within the set of accessor-accessible pairs, sorting and 

merging accessors of the set of accessor-accessible pairs paired with the unique accessible as a 
first proto-2one. yielding a set of first proto-zones. each first proto-zone having one or more 
accessors and an accessible: 

for each unique one or more accessors within the set of first proto-zones, sorting 

and merging accessibles of the set of first proto-zones associated with the unique one or more 
accessors as a second proto-zone. yielding a set of second proto-zones. each second proto-zone 
having one or more accessors and one or more accessibles: and. 

sorting the set of second proto-zones to yield the mathematically canonical set of 

zones 

tho canonical roprosontation satisfying a plurality of oonstrointo comprising: 

a first constraint specifying that, for each zone, each of the one more accessors of 

tho zone hag identical acoofla to each of the ono or more aoccssibles of the zone; 
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a second Gonstroint Gpoci^ng that each of the plurality of accosoiblos belongs to 

no more than one of th e at least one zon e ; and, 

a third congtrnint specifying that the at least one zone Gncompa s s largest seta of the 

plurality of aooossora that satisfy the first and the aocond oonstrainto . 

15. (original) The 5>'stem of claim 14, fiirther comprising a console by which the access of the 
plurality of accessors to the plurality of accessibles as represented by the mathematically canonical 
representation is manageable. 

16. (original) The system of claim 15, wherein the console is one of the plurality of accessors. 

17. (original) The system of claim 15, wherein the console permits a current configuration of 
the mathematically canonical representation to be restored to a target configuration of a second 
mathematically canonical representation. 

18. (original) The system of claim 14, wherein the topology comprises one of: a storage-area 
network, and a communications network. 

19. (currently amended) An article of manufacture comprising: 
a tangible computer-readable data storage medium: and, 

means in the medium for managing access of a plurality of accessors within a system 
topology to a plurality of accessibles within the system topology by using a mathematically 
canonical set of zones, each zone specifying one or more of the plurality of accessors having 
access to one or more of the plurality of accessibles to define a set of accessor-accessible pairs. 

the canonical set of zones satisfying a plurality of constraints comprising: 
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a first constraint specifying that, for each zone, each of the one more accessors of 
the zone has identical access to each of the one or more accessibles of the zone; 

a second constraint specifying that each of the plurality of accessibles belongs to 
no more than one zone; and, 

a third constraint specifying that the canonical set of zones encompasses largest 
sets of the pliirality of accessors that satisfy the first and the second constraints^ 

wherein the set of zones is determined based on the set of accessor-accessible pairs, bv: 

for each unique accessible within the set of accessor-accessible pairs, sorting and 

merging accessors of the set of accessor-accessible pairs paired with the unique accessible as a 
first proto-zone, yielding a set of first proto-zones, each first proto-zone having one or more 
accessors and an accessible; 

for each unique one or more accessors within the set of first proto-zones. sorting 

and merging accessibles of the set of first proto-zones associated with the unique one or more 
accessors as a second proto-zone. yielding a set of second proto-zones. each second proto-zone 
having one or more accessors and one or more accessibles: and, 

sorting the set of second proto-zones to yield the mathematically canonical set of 

zones . 

20. (cancelled) 

21 . (new) The method of claim 1, wherein the mathematically canonical set of zones satisfies 
a plurality of constraints comprising: 

a first constraint specifying that, for each zone, each of the one more accessors of the zone 
has identical access to each of the one or more accessibles of the zone; 

a second constraint specifying that each of the plurality of accessibles belongs to no more 
than one of the at least one zone; and, 
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a third constraint specifying that the at least one zone encompass largest sets of the 
plurality of accessors that satisfy the first and the second constraints. 

22. (new) The system of claim 14, wherein the canonical representation satisfies a plurality of 
constraints comprising: 

a first constraint specifying that, for each zone, each of the one more accessors of the zone 
has identical access to each of the one or more accessibles of the zone; 

a second constraint specifying that each of the plurality of accessibles belongs to no more 
than one of the at least one zone; and, 

a third constraint specifying that the at least one zone encompass largest sets of the 
plurality of accessors that satisfy the first and the second constraints. 
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